DATABASE SECURITYAND AUDTING

CHAPTER 5

Database Application Security ModelsAcknowledgement:

During spring 2006 through summer 2006, Phanindra Maddhi, a graduate assistant in Technology devoted efforts in developing this course. In the process, he studied extensively the content of the text. He tested all the Oracle SQL codes presented in the textbook. We had a lot of good discussions in the process, which benefited me tremendously. The notes you will read here is a result of his hard work.

We understand that there might be inaccuracies in the notes. Please give us the feedback so that we can correct any mistakes or errors in the notes.

Peter Ping LiuAugust, 2006 in Charleston

Introduction This chapter presents an overview of different users and the related security model concepts. It also presents the most frequently used application types. This is followed by a presentation of different application security models. The chapter concludes with a demonstration of password encryption.

Learning Objectives Type of users Security Models Application Types Application Security Models

Symboles:

Important points Note

5.1 Type of users

This chapter describes a database user being used to log on to an application. For each application user, a database account must be created and assigned specific privileges. We already know about the database user and database roles. Before going forward we need to know the distinction between an application and a database.

Application:It is a program that solves a problem or performs for a specific business function.

Examples of application include MS word, Adobe Acrobat Reader, and inventory program.

Application administrator is an application user that has application privileges to administer application users and their roles, application administrator do not require any special database privileges.Application owner is a database user who owns application tables and objects.

Database:It is collection of related data files used by an application. Database Management

system is a collection of program that maintains data files.An application user is simply a record created for a user within the application

schema to use for authentication to the application. An application user usually does not have database privileges or role assigned to the user. All privileges and role are granted by the application and are specific to the application. The following is a list of the users.

Database administrator is a user account that has database administration privileges that enable the user to perform any administration task.Database User is a type of user account that has database roles and privileges assigned to it.Proxy User is a database user the has specific roles and privileges assigned to it, the proxy user is employed to work on behalf of an application user, this type is usually useful for adding and isolating application users from the database.Schema owner is a database user that owns database objects.Virtual user is an account that has access to the database through another database user account; a virtual user is referred to in some case as a proxy user.

5.2 Security Models:This section outlines two frequently used security models and should help to understand how application security models are implemented.

Access Matrix Model:This model uses a matrix to represent two main entities that can be used for any

security implementation. The columns are represented by object and the rows are subjects. An object can be a table, view, procedure, or any other database object a subject can be a user, role, privilege, or a module. The intersection of a row and column is an

authorization cell, representing the access details on the object granted to the subject. The authorization cell can be access, operation, or commands.

Access Modes Model:This model is based on the take-grant model. The model uses the subject and

object entities as the main security entities, and it uses access modes to indicate the tasks that the subject is allowed to perform on the objects. The access modes are divided into static and dynamic modes. The level shown in the table is a numeric value to indicate the degree of access.

Static modesAccess Mode

Level Description

Use 1 Allow the subject to use the object without modifying the objectRead 2 Allow the subject to read the contents of the objectUpdate 3 Allow the subject to modify the contents of the objectCreate 4 Allow the subject to add instances to the object.Delete 4 Allow the subject to remove instance of the object.

Dynamic Modes:Access Mode

Level Description

Grant 1 Allow the subject to grant any static access mode to any other subject.Revoke 1 Allow the subject to revoke a granted static access mode from a

subjectDelegate 2 Allow the subject to grant the grant privilege to other subjects.abrogate 2 Allow the subject to grant revoke privilege to other subject.

5.3 Application TypeThis section describes the commonly used application types to understand where data security should be enforced.

Client/server ApplicationsClient/server architecture became a dominating configuration for all application

because it provides a flexible and scalable structure that could take advantage of the processing power of the personal computer, the capacity and power of a dedicated server. The client/server architecture, which is composed of three main components typically found in client/server application. These components are usually spread out several tiers. Each tier has a logical or physical component, which can contain one or more of the following components.

User interface component represents all screen, reports, and codes that handle the interaction between the user and the application.Business logic component contains all the code that performs data validation and business rules implementation.Data access component contains code that retrieves, inserts, delete, and update data.A client/server application consists of a minimum of two tiers. Normally four to five tiers is the maximum configuration. The data access component of the client/server architecture is the component responsible for retrieving and manipulating data. The security module should be embedded in this component.

Web Applications:Client/server architecture once dominated business application, but not for long.

Application architecture evolved with the rise of dot-com and web-based companies. This new client/server architecture is based on the web and is therefore referred to as a web application. A web application uses the web to connect and communicate to the server. A web application uses HTML page created using Active, java applets or beans, or ASP these web pages embedded with other web services.

The components of the web applicationWeb browser layer it is a typical program that allows users to navigate through web pages found on the internet.Web server layer is a software program residing on a computer connected to the internet that responds to requests submitted by the web browsers.

Application server layer is a software program residing on a computer that is used for data processing and for interfacing to the business logic and database server.Business logic layer is a software program that implements business rules.Database server layer is a software program that stores and manages data.In this architecture, each layer resides on a separate computer. The main reason for separating web-application layers to reside on different computers is to distribute the processing load for optimum performance.

Data Warehouse Applications:Data warehouse are used in decision-support application to support executive

management in decision-making processes.

A data warehouse is a collection of many types of data taken from a number of different databases that support various corporate departments. The collection of data forms a snapshot of a business at a specific momentThe architecture of these types of data warehousing application is typically composed of a database server on which the application data resides. The application data is extracted by a process that transforms the data to warehouse mode. In additional, the data warehouse is accessed by software applications or reporting applications called online analytical processing to retrieve data and generate reports with the capability of data drilling and mining.

Other Applications:These applications still require a security layer to protect them against

inappropriate access and execution of process. The security layer should be embedded within the application. In additional, password should be protected by using an encryption mechanism similar to database systems, the password is stored in a configuration file or operation system registry file.

5.4Application Security ModelsThe Two main concepts of security model their applications and implementation.

In this section we examine five different application security models that are commonly used by the industry to provide data security and access protection at the table level. The following lists outlines the security model presented in the section.

Database role based.Application role based.Application function based.Application role and function based.Application table based.

Security Model Based on Database RolesThis model depend on the application to authentication the application users by maintain all end users in a table with their encryption password. In this model, each end user is assigned a database role, which has specific database privilege for accessing application table. The user can access whatever privileges are assigned to the role. This model, proxy user is needed to activate assigned roles. All roles are assigned to the proxy user. The architectural view of the model has common control columns prefixed with CTL. These control columns contains information about manipulate record.

CTL_INS_DTTM contains the date and time when the record was created.CTL_UPD_DTTM contains the date and time when the record was last updated.CTL_UPD_USER contains the date name that created the record or last updated the record.CTL_REC_STAT can be used to indicate the status of the record. We can use this column for any purpose, we may set this column to “A” as an indicator that the record active to indicate it is inactive.

Implementing in Oracle:Implementing the model will help to be more familiar with concept. Now we are trying to create a proxy user called APP_PROXY that will be assigned to all application role and will work on behalf of the application user APP_USER to gain access to all tables owned by the application owner called APP_OWNER. So we need to create the users, roles, and tables for this application.

Security Model Based on Application Roles:The concept of an application role security model are similar to the concept of database role security model in that they are both methods for organizing and administrating privileges. Application roles are typically mapped specifically to real business roles.

The security model that is based on application roles depends on the application to authenticate the application users. Authentication is accomplished by maintaining all end users in a table with their encrypted password. In this model, each end user is

assigned an application role, and the application role is provided with application privileges to read/write specific modules of the application.

APPLICATION_USERS: This is used to store and maintain all end users of the application with their encrypted passwords.

APPLICATION_ROLESAll roles defined by the application and for each role a privilege are assigned. The privilege can be read, write, or read/write

The point need to be considered during security Model1) This model is primitive and does not allow the flexibility required to make

changes necessary for security. For example a user called Scott who has a clerk role, and the clerk has privileges to read, add, and modify. This means that Scott can perform these operations on all modules of the application.

2) Privileges are limited to any combination of the following.1) read2) add3) delete4) update5) admin3) This model isolates the application security from the database, which make

implementation of database independent.4) Only one role is assigned to an application user.5) Maintenance of the application security does not require specific database

privilege. This lowers the risk of database violation.6) Passwords must be securely encrypted. preferably using private and public keys

this case we must modify the structure of APPLICATION_USER

.

Security Model based on Application Functions:The security model that is based on application function depends on the application to authenticate the application user by maintaining all end user in a table with their encrypted password.

In this model the application is divided into functions. For instance, if you were using an inventory application we need to have a function name CUSTOMER that maintain customers and another function name PRODUCTS for maintain products, and so on

The following list presents characteristics of this security model:

In this model the application security from the database, this makes implementation independent.

Maintenance of the application security does not require specific database privileges which lower the risk of database violations.

Password must be securely encrypted, preferably using private and public key. In this case we must modify the structure of the APPLICATION_USERS table by adding columns to store public and private keys.

The application must be designed in a granular fashion. The more granular the privileges, the more effort are needed to implement them.

Security Model based on Application Roles and Functions:This security model is a combination of both the role and function security

models. The application roles and functions security model depends on the application to authenticate the application users.

The application authenticates users by maintaining all end users in a table with their encrypted passwords. In this model the application is divided into function and roles are assigned to function that are in turn assigned to users.

The following list present characteristics of this security model: This model provides flexibility for implementing application security. This model isolates the application security from the database, which make

implementation database independent. Maintenance of the application security does not require specific database

privileges, which lower the risk of database violations. Password must be securely encrypted, preferably using private and public keys. In

this case the structure of the APPLICATION_USER table by adding columns to store public and private key.

The application must use a real database user to log on and connect to the application database. The user name and password must be encrypted and stored in a configuration file.

The application must be designed in a very granular fashion, which means that the function or modules of the application perform specific task and do not encompass a wide variety of tasks that are cross-functional.

The more granular the privileges, the more effort needed to implement them.

Security model based on Application TableThis application security model depends on the application to authenticate users by maintaining all end users in a table with their encrypted passwords. The application provides privileges to the user based on tables, not on a role or a function.

An application user many be granted a read privilege on an application bye adding an entry in APPLICATION_USER_TABLES.

The following list present characteristics of this security model: This model isolates the application security from the database, which make

implementation database independent.

Maintenance of the application security does not require specific database privileges, which lowers the risk of database violations.

Password must be securely encrypted, preferably using private and public keys. The application must use a real database user to log on and connect to the

application database. Security is implemented easily by using table access privileges that are assigned

to each end user.